Privacy Policy

1. Overview

AuditStack (https://auditstack.net) is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

We collect the following information:

• Scan requests: Email address and domain URL submitted through our scan form.
• Payment data: Processed securely by Stripe. We do not store card details on our servers.
• Contact form submissions: Name, email address, and message content.
• Usage data: Anonymous analytics such as page views and referral sources.

3. How We Use Your Data

• To execute security scans and deliver reports to your email.
• To process payments via Stripe.
• To respond to contact form enquiries.
• To send occasional follow-up emails with useful tips and offers relating to your scan results. You can unsubscribe at any time using the link in every email.
• To improve our services and website experience.

Our follow-up emails are sent under the UK GDPR & PECR "soft opt-in" exemption (Regulation 22(3)) because you provided your email during a commercial interaction and the follow-ups relate to similar services. You may opt out at any time using the unsubscribe link or by emailing us — we honour unsubscribes within 24 hours.

4. Data Storage & Security

Your data is stored securely using Supabase (hosted on AWS). We use HTTPS encryption for all data in transit and follow security best practices for data at rest. Scan results are stored in our database and associated with the email address provided.

5. Third-Party Services

We use the following third-party services:

• Stripe — Payment processing. Subject to Stripe's Privacy Policy.
• Supabase — Database hosting and authentication.
• Vercel — Website hosting and deployment.

6. Cookies

AuditStack uses essential cookies required for site functionality. We do not use tracking cookies or third-party advertising cookies.

7. Your Rights

You have the right to:

• Request access to the personal data we hold about you.
• Request correction or deletion of your data.
• Withdraw consent for data processing at any time.
• Lodge a complaint with a data protection authority.

8. Data Retention

Scan results and associated email addresses are retained for up to 12 months. Contact form submissions are retained for up to 6 months. You may request deletion at any time.

9. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.

10. Contact

For privacy-related enquiries, please use our contact page and we'll get back to you within 1 working day.